Steps to reproduce

Use the cisco_benigncertain module on a compliant, non-vulnerable IKE implementation, such as strongSwan.

Expected behavior

No vulnerability is reported.

Current behavior

The module reports the target as vulnerable to CVE-2016-6415. The module implementation incorrectly assumes the IKEv1 notification message header to be 36 bytes long, even though the correct length is 40. In IKEv2, it is 36 bytes.
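To make the header-length difference concrete, here is an added Python example (not part of this issue and not the Metasploit module's own code) that parses an IKE message whose first payload is a Notification, derives the start of the notification data from the major version nibble in the ISAKMP header, and shows what a parser that hard-codes the IKEv2 offset of 36 bytes would treat as "data" in an IKEv1 message. Both sample messages are constructed inline for the demonstration; the cookies, notify types, payload contents and all function names are arbitrary choices for this example, not values from the issue.

```python
import struct

# Fixed-size ISAKMP/IKE header (RFC 2408 s.3.1, RFC 7296 s.3.1): 8-byte initiator
# cookie/SPI, 8-byte responder cookie/SPI, next payload, version, exchange type,
# flags, 4-byte message ID, 4-byte total length.
ISAKMP_HDR_FMT = ">8s8sBBBBII"
ISAKMP_HDR_LEN = struct.calcsize(ISAKMP_HDR_FMT)   # 28

# Generic payload header in front of every payload: next payload,
# reserved (IKEv1) / critical bit (IKEv2), 2-byte payload length.
GENERIC_HDR_LEN = 4

# Fixed part of the Notification payload after the generic header.
# IKEv1 (RFC 2408 s.3.14): DOI(4) + Protocol-ID(1) + SPI size(1) + Notify type(2) = 8
# IKEv2 (RFC 7296 s.3.10): Protocol-ID(1) + SPI size(1) + Notify type(2) = 4
NOTIFY_FIXED_FMT = {1: ">IBBH", 2: ">BBH"}
NOTIFY_PAYLOAD_TYPE = {1: 11, 2: 41}   # payload type id of a Notification payload


def notify_data_offset(major_version):
    """Offset at which the SPI/notification data starts when the first payload
    is a Notification: 28 + 4 + 8 = 40 for IKEv1, 28 + 4 + 4 = 36 for IKEv2."""
    return ISAKMP_HDR_LEN + GENERIC_HDR_LEN + struct.calcsize(NOTIFY_FIXED_FMT[major_version])


def parse_notification(pkt):
    """Parse an IKE message whose first payload is a Notification and return the
    major version, notify type, SPI, notification data and the real data offset."""
    if len(pkt) < ISAKMP_HDR_LEN + GENERIC_HDR_LEN:
        raise ValueError("message shorter than ISAKMP header plus generic payload header")
    (_ic, _rc, next_payload, version, _xchg,
     _flags, _msg_id, length) = struct.unpack(ISAKMP_HDR_FMT, pkt[:ISAKMP_HDR_LEN])
    major = version >> 4                      # high nibble is the major version
    if major not in NOTIFY_FIXED_FMT:
        raise ValueError(f"unsupported IKE major version {major}")
    if length != len(pkt):
        raise ValueError("header length field does not match message size")
    if next_payload != NOTIFY_PAYLOAD_TYPE[major]:
        raise ValueError("first payload is not a Notification payload")

    _np, _res, plen = struct.unpack(">BBH", pkt[ISAKMP_HDR_LEN:ISAKMP_HDR_LEN + GENERIC_HDR_LEN])
    body = pkt[ISAKMP_HDR_LEN + GENERIC_HDR_LEN:ISAKMP_HDR_LEN + plen]
    fmt = NOTIFY_FIXED_FMT[major]
    fixed = struct.calcsize(fmt)
    if plen < GENERIC_HDR_LEN + fixed or len(body) != plen - GENERIC_HDR_LEN:
        raise ValueError("truncated Notification payload")
    fields = struct.unpack(fmt, body[:fixed])  # last two fields are SPI size, notify type
    spi_size, ntype = fields[-2], fields[-1]
    spi = body[fixed:fixed + spi_size]
    if len(spi) != spi_size:
        raise ValueError("SPI runs past the end of the payload")
    return {
        "version": major,
        "notify_type": ntype,
        "spi": spi,
        "data": body[fixed + spi_size:],
        "data_offset": notify_data_offset(major) + spi_size,
    }


def data_assuming_36(pkt):
    """What a parser that hard-codes a 36-byte header (correct only for IKEv2)
    would treat as notification data. On an IKEv1 message this wrongly includes
    the Protocol-ID, SPI size and notify type bytes of the Notification payload."""
    return pkt[36:]


# Constructed sample messages (arbitrary cookies and contents, for this example only).
def build_ikev1_notify(ntype, data, spi=b""):
    body = struct.pack(">IBBH", 1, 1, len(spi), ntype) + spi + data   # DOI=1, Protocol-ID=1
    payload = struct.pack(">BBH", 0, 0, GENERIC_HDR_LEN + len(body))
    hdr = struct.pack(ISAKMP_HDR_FMT, b"\x11" * 8, b"\x22" * 8, 11, 0x10, 5, 0, 0,
                      ISAKMP_HDR_LEN + len(payload) + len(body))   # xchg 5 = Informational
    return hdr + payload + body


def build_ikev2_notify(ntype, data, spi=b""):
    body = struct.pack(">BBH", 0, len(spi), ntype) + spi + data       # Protocol-ID=0 (none)
    payload = struct.pack(">BBH", 0, 0, GENERIC_HDR_LEN + len(body))
    hdr = struct.pack(ISAKMP_HDR_FMT, b"\x11" * 8, b"\x22" * 8, 41, 0x20, 37, 0x08, 0,
                      ISAKMP_HDR_LEN + len(payload) + len(body))   # xchg 37 = INFORMATIONAL
    return hdr + payload + body


if __name__ == "__main__":
    for pkt in (build_ikev1_notify(14, b"hello"), build_ikev2_notify(14, b"hello")):
        parsed = parse_notification(pkt)
        print(f"IKEv{parsed['version']}: data starts at {parsed['data_offset']}, "
              f"real data={parsed['data']!r}, data if 36 assumed={data_assuming_36(pkt)!r}")
```

Running the block shows the IKEv1 message yielding four bytes of payload header ahead of the real notification data when the IKEv2 offset is assumed, which is the kind of misread that turns a well-formed reply from a compliant responder into a spurious finding; a check module should derive the offset from the version nibble as `parse_notification` does, rather than hard-coding it.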

The problem is that the download-and-execute method tries to run a command line along the way:

$p=[System.Diagnostics.Process]::Start($s);

I don't clearly see why there should be this command-line restriction when we are already running PowerShell code on the victim side and are able to execute whatever PowerShell script we download with IEX.

Am I missing something obvious here?

I'm using the latest dev version.

I've already tried Powershell::remove_comspec and Powershell::exec_in_place with the same results.
Maybe the generated payload should be smarter in this case and not use the command line, as it will be executed by IEX anyway, no matter how large it is.